Attacking JWT - Header Injections

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·3y ago

Key Takeaways

The video demonstrates attacks on JSON Web Tokens (JWT) using header injections, specifically algorithm injection and JWK header injection, and provides a primer on JWT headers and code review.

Full Transcript

welcome back to another video now this is a follow-up from my previous cracking Json web tokens video and you don't necessarily need to have watched it but it does cover the foundations of what a Json web token is if you're unfamiliar with them now today we're going to look at two attacks both targeting the header of our jwts as always if you enjoyed the video feel free to like And subscribe and let's dive in before we talk about header injection let's go a little bit deeper into the headers of a JWT the only mandatory header is ALG according to the specification however we often see type in there and other things like key ID which we'll see later on in our first attack we're going to tamper with the alloc header itself but in the second we'll look at how we can inject other headers to cause the application to use a key that we provide rather than the one intended by the application the other headers that we might be interested in are Json webkey jwk Json webkey sets URL jku and the key ID kid Json webkeys are a data structure that represents a cryptographic key as expected it's used to sign a verified jwts and can have various properties like the key type and the algorithm the jku header is a URL that points to a Json web key set jwks which is like it sounds a set of jwks that can represent multiple keys this is really handy because often if we want to rotate Keys we can grab the latest public key from the specified URL and the key ID kid lets us specify the key we are looking for 4 from a Json webkey set so together these are used to manage and identify which keys to use when signing and verifying ajwt now I realize that's quite a lot to take in but we'll be looking at this in a little bit more detail in our second lab so going back to our first attack on the algorithm header we're going to modify the value to none and what this does is tell the application to not use an algorithm and essentially trust and decode the token with no verification now the testing I did for this attack turned out to be pretty interesting as the packages I tested ended up handling the payload differently the two main packages I looked at were Json web token for node.js and Pi JWT which is a python Library commonly used in flask applications I can't say this for every package or scenario but both of these packages required me to specify the use of the none algorithm which was nice to see I'm sure there are some libraries out there that allow this Behavior by default also after getting the node.js version of my app handling the non-algorithm correctly I had to handle the secret differently because if you're using the ALG none then your key or secret needs to be null all in all it's actually a little annoying to write an application as vulnerable to the alcanon attack if you're using reputable up-to-date libraries in a normal way and this makes sense because I think this attack goes as far back as 2015 or at least it's listed under CV 2015 something something but as we walk through the code and you're like hey why is this setup to clearly be vulnerable to this attack by specifically allowing the non-algorithm in our algorithms list well now you know why because we have to just before we dive in I wanted to mention that it's still important to know about these kinds of attacks because they may still come up from time to time for example in Legacy applications or if two systems are integrated and maybe one Dev team doesn't want to share the secret or key with another Dev team but still want to process tokens from a third-party application in this instance they may allow for non-signed tokens without thinking about how that would impact other tokens that are sensitive to being tampered with or you could simply be doing a CTF all good reasons for knowing this technique let's take a quick look at our sample application for the first attack all right so we have our application here so we can ignore lines one four and five because this is just Express which is going to make rooting and things like that a little bit easier but not integral to the application or the attack we're trying to demonstrate line two is important however as we're importing the Json web token library and assigning this to JWT so every time you see JWT dot something you know that we're using the Json web token Library like down here so JWT DOT sign for example on line seven we're defining the secrets so please like And subscribe of course and this is asymmetric secret so this is going to be used to encrypt and decrypt or sign and verify our token I will at some point dive into hmax and asymmetric encryption and using public and private keys for Json web tokens probably something for another video now on line 9 we have our I get slash JWT endpoints so we just Define a payload obviously here this would be the logic of your application building the payload and then we have cons token equals JWT DOT sign and we're going to include the payload and use the secret to sign it and we're going to use the algorithm HS 256 and then we simply return this token now next up you can see a load of code that I've commented out and this is my original code that I thought would work so I thought basically all that I needed to do to include none in the algorithm is to include it in my algorithms list but this ended up to not be the case so I have app.post verified JWT and then we grab the token from the request body and then we do jwt.flarify pass in the token the secrets and the allowed algorithms and then if it's all good we return valid token if there's an error we return invalid token this didn't work unfortunately so I had to rewrite this endpoints and if we scroll down from we can see from line 26 what's happened when you pass in a token with the algorithm none you're not allowed to pass in a defined key or secret so what I had to do is essentially the same thing but adds this code here which decodes the header so we have decoded header equals jwt.d code notice we're not verifying this we're just decoding and then what we're doing here is we're defining a new key and if the decoded header.algorithm is equal to none we set the key to null otherwise we set the key to Secrets which of course is defined up here on line 7. and this is just a ternary operator this does the exact same thing it was my original way of doing it but I thought this was a little bit easier to read because not everybody uses uh this style of development or the style of if statements but the output of line 29 and the output of line 30 to 35 is exactly the same basically so here we come to our decoded token we do our jwt.verify and we pass in the token and of course if the token uses the none algorithm this key is going to be set to none and if it's using hs256 it's going to be set to secrets and these are the allowed algorithms and then if it's valid we return a message saying valid token and hello decoded token.username otherwise we return invalid token so that's the application let's jump in and demo the attack all right so we're just gonna spin up our application so node app.js looks like we're running on three thousand and one and then all we're going to do is curl HTTP localhost 3001 and grab our token with Slash JWT so usually I think or at least in the last video I used JWT dot IO to decode and mess around with the token However unfortunately this isn't going to work because for some reason it doesn't support the none algorithm and if I try and do this manually we don't get a token back but this is okay we could also do this in in the terminal but it's a little bit easier to use online tools if we come to token.dev paste in our token here and then we can either edit it manually or just come to the none algorithm here and there is one little problem with this but we'll address that in a second so I'm just going to copy this and then go at our payload and then we want HTTP slash localhost 3001 JWT and I suspect the fact that we don't have a trailing dot is going to throw an error which it does it says cannot read properties of null different applications might behave slightly differently when passing Json web tokens but in this case we need our DOT and we get a valid token and let me just clear my screen and send this again so it's a little bit easier to see so we have valid token message hello user and what we can do with this is we can just in fact come back to this and demo that this works by just saying Alex and I only need the second part of this token because the first part is the header and that decoded separately or encoded separately with base64 paste this in and we have a valid token with the message Hello Alex so our attack is working as expected now I also want to kind of show this in burp Suite because bubsweet has a great extension called JWT editor or something like this we'll see in a second and it's a useful one for testing jwts instead of using the terminal or doing everything manually so let's grab a fresh token and root this through our proxy so curl HTTP slash local whoops post 3001 JWT and we're just going to do proxy http localhost or 8080 and we should see this pop up and if you do have this JWT editor Keys installed it automatically highlights requests and responses that have a Json web token present in green which is quite handy and what we can do is we're just going to grab this token and then we're going to send it to verify but again we're going to send it through the proxy oops t80 so we have our token message equals hello user and here you'll see that we have a new tab open and I'll just move myself out of the way for a second so we can see a bit better we have this Json web token tab so we can start interacting with this and same with this post you'll see the Json web token tab here as well if you don't have this installed by the way you can come to extensions the App Store search for JWT and it's this one JWT editor and then all we're going to do is we're going to send this post to the repeater with Ctrl r or you can right click Send to repeater and again you have this tab open here and there's a couple of ways to do this we can either just modify the information in here or we can just do the none signing algorithm and click that send it it's still valid and as you can see even though we don't have a signature we're still good to go now if you want to know a little bit more about interacting with jwts and burp Suites then there is a great article here on the web Security Academy and this tells you all about how to interact with Json web tokens with this web Suite plugin so super helpful if you want to go and check that out and this is actually where we want to be for our next attack so let's take a quick look at jwk header injection so with jwk header injection this is an attack that exploits the insecure handling of Json webkeys embedded in the JWT header now in a secure implementation the server should rely on a trusted source of public Keys such as a jwks endpoint to verify the token's signature however if the server accepts a jwk provided in the token Header by the clients we can craft a token with a custom jwk containing our public key and then we can sign the key with our private key that we control effectively forging a valid token so let's take a look at how we can do this and I've come to Port swiger Academy so I'm just going to access the lab here we are and I think we can come to my account and it gives us some credentials to log in and the objective of this lab so if the text is a little bit small is basically to access the admin panel so we have an account as Dina and Peter and we log ourselves in so what I'm going to do is I'm going to switch on our proxy and just hit refresh we can actually see that we have a token already and here we are we have the my accounts and everything with a Json web token detected is highlighted in green let's take a quick look and I'm just going to move myself out of the way so here you can see that we have this cookie session equals and this is our Json web token and you can see that it's quite long so we could go in and decode this but we don't need to we can just switch over to Json web token tab here and we can see all of the information that we need so in the header we've got a couple of things we've got the kit and the algorithm rs256 and we have the ISS which is portsmigger and the sub which is Vina so this is our username and before we carry on what we want to do is maybe just grab this and see if we can just grab the admin endpoints and see what it says so it says admin interface only accessible or only available if logged in as an administrator so we come back here and we can see this request here so what I'm going to do is I'm going to send this to the repeater and I'm just going to hit send and we have again the admin interface is only logged in if available as an administrator now to pull off this attack we actually need our own public private keys and we could generate these but it's much easier if we just come to JWT editor Keys you can see that I've already created some but let's just create a new one for the video and we do new RSA key and we'll select 2048 jwk and hit generate and then we'll just hit OK and you can see that this has been added to our list of keys now I'll come back to repeater and all we want to do is we want to come into attack and embed jwk so we're embedding a new header which is going to be our key and we can choose our key from the list both of these are RSA 2048 so either of them are okay but use the one that you generated click OK and you can see our headers have changed we have this new embedded jwk in the header so this isn't going to work just yet because we actually need to update the sub here so we're just going to update this to admin and unfortunately because I updated this after adding our key we need to re-add it because it's going to sign the token when we embed our jwk so obviously we've changed the token since we previously signed it hit okay and then hit send and we'll just come to render you probably need admin illustrator instead of admin so let's try this again embed jwk hit send and we get the admin interface which is what we want and I if I recall the objective is to delete one of the users so we need to delete the user Carlos so we can just come back into here find the URI for this so slash admin delete username equals Carlos copy this come back to our request and we can just update our request and hit send and we'll get a 302 found which is good follow the redirection and we can look down here for the congratulations Banner or we can hit render and we get congratulations you solved the lab which is great so that's it for today's video now there's still a lot more to look at and consider but I hope this gives you some insight into how we can attack Json web tokens I'll catch you next time

Original Description

00:00 Intro 00:28 JWT Headers Primer 04:13 Code review 08:02 Algorithm injection attack 13:07 JWK header injection 18:14 Outro Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com Sponsorship Inquiries: info@thecybermentor.com 📱Social Media📱 ___________________________________________ Twitter: https://twitter.com/thecybermentor Twitch: https://www.twitch.tv/thecybermentor Instagram: https://instagram.com/thecybermentor LinkedIn: https://www.linkedin.com/in/heathadams TikTok: https://tiktok.com/@thecybermentor Discord: https://discord.gg/tcm 💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor Support the stream (one-time): https://streamlabs.com/thecybermentor Hacker Books: Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX The Hacker Playbook 3: https://amzn.to/34XkIY2 Hacking: The Art of Exploitation: https://amzn.to/2VchDyL The Web Application Hacker's Handbook: https://amzn.to/30Fj21S Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx Linux Basics for Hackers: https://amzn.to/34WvcXP Python Crash Course, 2nd Edition: https://amzn.to/30gINu0 Violent Python: https://amzn.to/2QoGoJn Black Hat Python: https://amzn.to/2V9GpQk My Build: lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1 EVGA 2080TI: https://amzn.to/30d2lj7 MSI Z390 MotherBoard: https://amzn.to/30eu5TL Intel 9700K: https://amzn.to/2M7hM2p G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P Sennheiser RS 175 RF Wirele
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from The Cyber Mentor · The Cyber Mentor · 0 of 60

← Previous Next →
1 Buffer Overflows Made Easy - Part 1: Introduction
Buffer Overflows Made Easy - Part 1: Introduction
The Cyber Mentor
2 Buffer Overflows Made Easy - Part 2: Spiking
Buffer Overflows Made Easy - Part 2: Spiking
The Cyber Mentor
3 Buffer Overflows Made Easy - Part 3: Fuzzing
Buffer Overflows Made Easy - Part 3: Fuzzing
The Cyber Mentor
4 Buffer Overflows Made Easy - Part 4: Finding the Offset
Buffer Overflows Made Easy - Part 4: Finding the Offset
The Cyber Mentor
5 Buffer Overflows Made Easy - Part 5: Overwriting the EIP
Buffer Overflows Made Easy - Part 5: Overwriting the EIP
The Cyber Mentor
6 Buffer Overflows Made Easy - Part 6: Finding Bad Characters
Buffer Overflows Made Easy - Part 6: Finding Bad Characters
The Cyber Mentor
7 Buffer Overflows Made Easy - Part 7: Finding the Right Module
Buffer Overflows Made Easy - Part 7: Finding the Right Module
The Cyber Mentor
8 Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
The Cyber Mentor
9 HackTheBox - Sunday Walkthrough (Re-Up)
HackTheBox - Sunday Walkthrough (Re-Up)
The Cyber Mentor
10 Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
The Cyber Mentor
11 Networking for Ethical Hackers - Network Subnetting (Re-Up)
Networking for Ethical Hackers - Network Subnetting (Re-Up)
The Cyber Mentor
12 Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
The Cyber Mentor
13 Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
The Cyber Mentor
14 HackTheBox - Fighter Walkthrough (Re-Up)
HackTheBox - Fighter Walkthrough (Re-Up)
The Cyber Mentor
15 Beginner Linux for Ethical Hackers - Navigating the File System
Beginner Linux for Ethical Hackers - Navigating the File System
The Cyber Mentor
16 Beginner Linux for Ethical Hackers - Users and Privileges
Beginner Linux for Ethical Hackers - Users and Privileges
The Cyber Mentor
17 Beginner Linux for Ethical Hackers - Common Network Commands
Beginner Linux for Ethical Hackers - Common Network Commands
The Cyber Mentor
18 Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
The Cyber Mentor
19 Beginner Linux for Ethical Hackers - Controlling Kali Services
Beginner Linux for Ethical Hackers - Controlling Kali Services
The Cyber Mentor
20 Beginner Linux for Ethical Hackers - Scripting with Bash
Beginner Linux for Ethical Hackers - Scripting with Bash
The Cyber Mentor
21 Beginner Linux for Ethical Hackers - Installing and Updating Tools
Beginner Linux for Ethical Hackers - Installing and Updating Tools
The Cyber Mentor
22 Cracking Linux Password Hashes with Hashcat
Cracking Linux Password Hashes with Hashcat
The Cyber Mentor
23 Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
The Cyber Mentor
24 Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
The Cyber Mentor
25 Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
The Cyber Mentor
26 Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
The Cyber Mentor
27 New Zero to Hero Pentest Course, New Website, and 2K Subs?!
New Zero to Hero Pentest Course, New Website, and 2K Subs?!
The Cyber Mentor
28 Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
The Cyber Mentor
29 Zero to Hero Pentesting: Episode 2 - Python 101
Zero to Hero Pentesting: Episode 2 - Python 101
The Cyber Mentor
30 Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
The Cyber Mentor
31 Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
The Cyber Mentor
32 Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
The Cyber Mentor
33 Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
The Cyber Mentor
34 Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
The Cyber Mentor
35 Installing Windows Server 2016 on VMWare in 5 Minutes
Installing Windows Server 2016 on VMWare in 5 Minutes
The Cyber Mentor
36 Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
The Cyber Mentor
37 A Day in the Life of an Ethical Hacker / Penetration Tester
A Day in the Life of an Ethical Hacker / Penetration Tester
The Cyber Mentor
38 Active Directory Exploitation - LLMNR/NBT-NS Poisoning
Active Directory Exploitation - LLMNR/NBT-NS Poisoning
The Cyber Mentor
39 Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
The Cyber Mentor
40 Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
The Cyber Mentor
41 Writing a Pentest Report
Writing a Pentest Report
The Cyber Mentor
42 Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
The Cyber Mentor
43 The Complete Linux for Ethical Hackers Course for 2019
The Complete Linux for Ethical Hackers Course for 2019
The Cyber Mentor
44 Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
The Cyber Mentor
45 Popping a Shell with SMB Relay and Empire
Popping a Shell with SMB Relay and Empire
The Cyber Mentor
46 Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
The Cyber Mentor
47 Pentesting for n00bs: Episode 2 - Lame
Pentesting for n00bs: Episode 2 - Lame
The Cyber Mentor
48 Pentesting for n00bs: Episode 3 - Blue
Pentesting for n00bs: Episode 3 - Blue
The Cyber Mentor
49 Web App Testing: Episode 1 - Enumeration
Web App Testing: Episode 1 - Enumeration
The Cyber Mentor
50 Pentesting for n00bs: Episode 4 - Devel
Pentesting for n00bs: Episode 4 - Devel
The Cyber Mentor
51 Pentesting for n00bs: Episode 5 - Jerry
Pentesting for n00bs: Episode 5 - Jerry
The Cyber Mentor
52 Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
The Cyber Mentor
53 Pentesting for n00bs: Episode 6 - Nibbles
Pentesting for n00bs: Episode 6 - Nibbles
The Cyber Mentor
54 Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
The Cyber Mentor
55 How NOT to Approach a Cybersecurity Mentor
How NOT to Approach a Cybersecurity Mentor
The Cyber Mentor
56 Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
The Cyber Mentor
57 Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
The Cyber Mentor
58 Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
The Cyber Mentor
59 Pentesting for n00bs: Episode 9 - Grandpa
Pentesting for n00bs: Episode 9 - Grandpa
The Cyber Mentor
60 Top 5 Internal Pentesting Methods
Top 5 Internal Pentesting Methods
The Cyber Mentor

This video teaches viewers how to attack JSON Web Tokens using header injections and provides a primer on JWT headers and code review. Viewers will learn how to identify vulnerabilities in JWT implementations and conduct header injection attacks.

Key Takeaways
  1. Define secrets using asymmetric secret
  2. Use the HS 256 algorithm to sign the token
  3. Decode the header to set the key to null if the algorithm is none
  4. Verify the token using jwt.verify
  5. Grab a token with a Slash JWT
  6. Paste the token in token.dev and edit it manually or use the none algorithm
  7. Copy the token and go to the payload
  8. Use HTTP slash localhost 3001 JWT with a trailing dot
  9. Use Burp Suite to send the token to the repeater
  10. Generate RSA key and select 2048 JWK
💡 The video highlights the importance of properly handling Json WebKeys embedded in JWT headers to prevent insecure handling and potential attacks.

Related Reads

📰
The Invisible Arms Race: How the World’s Biggest Defense Companies Are Building the Future of Cyber…
Discover how top defense companies are shifting focus to cybersecurity, developing new technologies to stay ahead in the invisible arms race
Medium · Cybersecurity
📰
# Online vs. Offline Password Attacks: A Field Guide
Learn to distinguish between online and offline password attacks and understand their implications for security
Dev.to · auto_majicly
📰
Suricata installation and Custom rules
Learn to install Suricata and create custom rules for a Network Intrusion Detection System (NIDS) on Kali Linux
Medium · Cybersecurity
📰
Being a Woman Online Is Basically a Cheat Code… Right?
Women face unique online challenges, and being a woman online can be a complex experience, this article explores the idea that being a woman online is not a cheat code, but rather a challenging and nuanced experience.
Medium · Cybersecurity

Chapters (6)

Intro
0:28 JWT Headers Primer
4:13 Code review
8:02 Algorithm injection attack
13:07 JWK header injection
18:14 Outro
Up next
Claude Mythos Is Too Dangerous to Release 😱⚠️ | Claude Mythos explained | Tamil | Karthik's Show
Karthik's Show
Watch →